[gnutls-devel] GnuTLS | bad_certificate instead of illegal_parameter alert in compressed certificate (#1585)

[Read-only notification of GnuTLS library development activities]

George Pantelakis created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1585



## Description of problem:
When a compressed certificate is used we send the following compressed certificate message:

struct {
CertificateCompressionAlgorithm algorithm;
uint24 uncompressed_length;
opaque compressed_certificate_message<1..2^24-1>;
} CompressedCertificate;

When we are changing the CertificateCompressionAlgorithm section to some algorithm that GnuTLS doesn't know we get back a bad_certificate alert instead of an illegal_parameter alert.

## Version of gnutls used:
gnutls-3.8.7

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
RHEL and Fedora

## How reproducible:
Always

Steps to Reproduce:

 * Run https://github.com/tlsfuzzer/tlsfuzzer/blob/master/scripts/test-tls13-client-certificate-compression.py against an GnuTLS server.

## Actual results:
Tests "Additional bytes, \*" from test-tls13-client-certificate-compression.py fail

## Expected results:
Tests "Additional bytes, \*" from test-tls13-client-certificate-compression.py should pass

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1585
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20240927/d7ba9189/attachment.html>